National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-5135 Detail

Current Description

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Source:  MITRE      Last Modified:  09/27/2007      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2007-5135
Original release date:
09/27/2007
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.8 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc External Source NETBSD NetBSD-SA2008-007
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html External Source APPLE APPLE-SA-2008-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html External Source SUSE SUSE-SR:2008:005
http://lists.vmware.com/pipermail/security-announce/2008/000002.html External Source MLIST [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc External Source FREEBSD FreeBSD-SA-07:08
http://security.gentoo.org/glsa/glsa-200710-06.xml External Source GENTOO GLSA-200710-06
http://securityreason.com/securityalert/3179 External Source SREASON 3179
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1 External Source SUNALERT 103130
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1 External Source SUNALERT 200858
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241 External Source CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
http://www.debian.org/security/2007/dsa-1379 External Source DEBIAN DSA-1379
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml External Source GENTOO GLSA-200805-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193 External Source MANDRIVA MDKSA-2007:193
http://www.novell.com/linux/security/advisories/2007_20_sr.html External Source SUSE SUSE-SR:2007:020
http://www.openbsd.org/errata40.html External Source OPENBSD [4.0] 017: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata41.html External Source OPENBSD [4.1] 011: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata42.html External Source OPENBSD [4.2] 002: SECURITY FIX: October 10, 2007
http://www.openssl.org/news/secadv_20071012.txt External Source CONFIRM http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/support/errata/RHSA-2007-0813.html Vendor Advisory External Source REDHAT RHSA-2007:0813
http://www.redhat.com/support/errata/RHSA-2007-0964.html Vendor Advisory External Source REDHAT RHSA-2007:0964
http://www.redhat.com/support/errata/RHSA-2007-1003.html Vendor Advisory External Source REDHAT RHSA-2007:1003
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded Exploit External Source BUGTRAQ 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
http://www.securityfocus.com/archive/1/archive/1/481217/100/0/threaded External Source BUGTRAQ 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
http://www.securityfocus.com/archive/1/archive/1/481488/100/0/threaded External Source BUGTRAQ 20071003 FLEA-2007-0058-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/archive/1/481506/100/0/threaded External Source BUGTRAQ 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
http://www.securityfocus.com/archive/1/archive/1/484353/100/0/threaded External Source HP SSRT071499
http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded External Source BUGTRAQ 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded External Source BUGTRAQ 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
http://www.securityfocus.com/bid/25831 External Source BID 25831
http://www.securitytracker.com/id?1018755 External Source SECTRACK 1018755
http://www.ubuntulinux.org/support/documentation/usn/usn-522-1 External Source UBUNTU USN-522-1
http://www.vmware.com/security/advisories/VMSA-2008-0001.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2007/3325 External Source VUPEN ADV-2007-3325
http://www.vupen.com/english/advisories/2007/3625 External Source VUPEN ADV-2007-3625
http://www.vupen.com/english/advisories/2007/4042 External Source VUPEN ADV-2007-4042
http://www.vupen.com/english/advisories/2007/4144 External Source VUPEN ADV-2007-4144
http://www.vupen.com/english/advisories/2008/0064 External Source VUPEN ADV-2008-0064
http://www.vupen.com/english/advisories/2008/2268 External Source VUPEN ADV-2008-2268
http://www.vupen.com/english/advisories/2008/2361 External Source VUPEN ADV-2008-2361
http://www.vupen.com/english/advisories/2008/2362 External Source VUPEN ADV-2008-2362
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037 External Source CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 External Source CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
https://bugs.gentoo.org/show_bug.cgi?id=194039 External Source MISC https://bugs.gentoo.org/show_bug.cgi?id=194039
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837 External Source XF openssl-sslgetshared-bo(36837)
https://issues.rpath.com/browse/RPL-1769 External Source CONFIRM https://issues.rpath.com/browse/RPL-1769
https://issues.rpath.com/browse/RPL-1770 External Source CONFIRM https://issues.rpath.com/browse/RPL-1770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904 External Source OVAL oval:org.mitre.oval:def:10904
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337 External Source OVAL oval:org.mitre.oval:def:5337
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html Vendor Advisory External Source FEDORA FEDORA-2007-725

References to Check Content

Identifier:
oval:org.mitre.oval:def:10904
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10904
Identifier:
oval:org.mitre.oval:def:5337
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5337

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes